According to Security Affairs, its investigators CyberNews have discovered an exposed data bucket owned by Snewpit, an Australian news exchange platform. The bucket contains about 80.000 user files, including usernames, full names, addresses e-mail and profile pictures. These files were stored on an Amazon Web Services (AWS) server to which the public had access, which means that anyone with a direct URL to the files could access and download the data that was left open. The sensitive information files contained in the Snewpit bucket are no longer accessible, as the company secured them on September 24th.
What data does the exposed bucket contain?
The Snewpit bucket contains over 26.200 files, including the following:
- 256 video files recorded and uploaded by Snewpit users and developers
- 23.586 image files documenting local events uploaded by users of the Australian platform
- 4 CSV files, one of which contains over 79.700 user registrations, including full names, email addresses, usernames, user descriptions, last login times, and total time spent on application of Snewpit
- Thousands of user profile pictures.
Here are some of them data at stake with the exposure of the bucket.
- The CSV file contains records of users who downloaded and installed the Snewpit application, which currently has over 50.000 installations in its App Store Apple and Google Play store.
- Video files stored in the bucket appear to show raw videos from news releases, including crime incidents.
- The data includes user profile pictures.
Who is the owner of the bucket?
Available in its common bucket Amazon is owned by Snewpit, a company software based in Australia. Snewpit is a peer-to-peer application that enables its users to create, find and share news in real time, as well as receive notifications for news published within 5 kilometers of their site. According to the developers, the application aims to help users form a global community of citizen journalists, to report and discover local news and events happening around them. The application is mostly used by Australians, while it also has users on USA and United Kingdom.
Who had access to the data?
According to Snewpit founder Charlie Khoury, the bucket was exposed for 5 weeks after the development team made server changes to system reports. While Snewpit has not detected any suspicious activity, the company is examining all server logs to confirm that this has happened. In particular, Khoury noted that the company will review all access control settings and ensure that its users' data is secure and encrypted.
The files were stored on a publicly accessible Amazon S3 server, hence the hackers they could find unprotected Amazon buckets relatively easily. As these buckets do not have any protection against unauthorized access, there is a possibility that the data has been stolen by hackers for malicious purposes during the 5 weeks.
What are the consequences of leaking sensitive files?
Files stored in the exposed bucket of Snewpit Australia do not contain very sensitive information, such as scanning personal documents, passwords or social security numbers. However, even this data can be used by hackers to carry out malicious and "fraudulent" activities. Contact information, such as full names and email addresses, can be used by phishers and scammers in targeted attacks against exposed Snewpit users by sending malicious spam messages. In addition, hackers may combine data in the bucket with previous breaches in other buckets to create a more accurate profile of potential targets, with the goal of identity theft.
What exactly happened to the data?
The researchers discovered Snewpit's bucket in late September and contacted the company immediately to secure the bucket. The Snewpit team responded within minutes and secured the files the same day.
What to do if you are affected by a leak?
If you have an Australian Snewpit account, your files may have been exposed to this infringement. To protect your data and prevent possible malware damage, it is recommended that you do the following:
- Use it personal data leakage controller of CyberNews to see if your email address has been leaked.
- Change your email password right away and use a password manager.
- Enable two-factor authentication (2FA) in your email and other online accounts.
- Be wary of incoming spam and Phishing emails. Do not click on anything that looks suspicious, including emails from senders you do not know.